2 * Unix SMB/CIFS implementation.
4 * Copyright (C) 2018-2019 Andreas Schneider <asn@samba.org>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/replace/replace.h"
27 #include "auth/credentials/credentials.c"
29 static int setup_talloc_context(void **state
)
31 TALLOC_CTX
*frame
= talloc_stackframe();
37 static int teardown_talloc_context(void **state
)
39 TALLOC_CTX
*frame
= *state
;
44 static void torture_creds_init(void **state
)
46 TALLOC_CTX
*mem_ctx
= *state
;
47 struct cli_credentials
*creds
= NULL
;
48 const char *username
= NULL
;
49 const char *domain
= NULL
;
50 const char *password
= NULL
;
51 enum credentials_obtained dom_obtained
= CRED_UNINITIALISED
;
52 enum credentials_obtained usr_obtained
= CRED_UNINITIALISED
;
53 enum credentials_obtained pwd_obtained
= CRED_UNINITIALISED
;
56 creds
= cli_credentials_init(mem_ctx
);
57 assert_non_null(creds
);
58 assert_null(creds
->username
);
59 assert_int_equal(creds
->username_obtained
, CRED_UNINITIALISED
);
61 domain
= cli_credentials_get_domain(creds
);
63 ok
= cli_credentials_set_domain(creds
, "WURST", CRED_SPECIFIED
);
65 assert_int_equal(creds
->domain_obtained
, CRED_SPECIFIED
);
66 domain
= cli_credentials_get_domain(creds
);
67 assert_string_equal(domain
, "WURST");
69 domain
= cli_credentials_get_domain_and_obtained(creds
,
71 assert_int_equal(dom_obtained
, CRED_SPECIFIED
);
72 assert_string_equal(domain
, "WURST");
74 username
= cli_credentials_get_username(creds
);
75 assert_null(username
);
76 ok
= cli_credentials_set_username(creds
, "brot", CRED_SPECIFIED
);
78 assert_int_equal(creds
->username_obtained
, CRED_SPECIFIED
);
79 username
= cli_credentials_get_username(creds
);
80 assert_string_equal(username
, "brot");
82 username
= cli_credentials_get_username_and_obtained(creds
,
84 assert_int_equal(usr_obtained
, CRED_SPECIFIED
);
85 assert_string_equal(username
, "brot");
87 password
= cli_credentials_get_password(creds
);
88 assert_null(password
);
89 ok
= cli_credentials_set_password(creds
, "SECRET", CRED_SPECIFIED
);
91 assert_int_equal(creds
->password_obtained
, CRED_SPECIFIED
);
92 password
= cli_credentials_get_password(creds
);
93 assert_string_equal(password
, "SECRET");
95 password
= cli_credentials_get_password_and_obtained(creds
,
97 assert_int_equal(pwd_obtained
, CRED_SPECIFIED
);
98 assert_string_equal(password
, "SECRET");
100 /* Run dump to check it works */
101 cli_credentials_dump(creds
);
104 static void torture_creds_init_anonymous(void **state
)
106 TALLOC_CTX
*mem_ctx
= *state
;
107 struct cli_credentials
*creds
= NULL
;
109 creds
= cli_credentials_init_anon(mem_ctx
);
110 assert_non_null(creds
);
112 assert_string_equal(creds
->domain
, "");
113 assert_int_equal(creds
->domain_obtained
, CRED_SPECIFIED
);
115 assert_string_equal(creds
->username
, "");
116 assert_int_equal(creds
->username_obtained
, CRED_SPECIFIED
);
118 assert_null(creds
->password
);
119 assert_int_equal(creds
->password_obtained
, CRED_SPECIFIED
);
122 static void torture_creds_guess(void **state
)
124 TALLOC_CTX
*mem_ctx
= *state
;
125 struct cli_credentials
*creds
= NULL
;
126 const char *env_user
= getenv("USER");
129 creds
= cli_credentials_init(mem_ctx
);
130 assert_non_null(creds
);
132 setenv("PASSWD", "SECRET", 1);
133 ok
= cli_credentials_guess(creds
, NULL
);
136 assert_string_equal(creds
->username
, env_user
);
137 assert_int_equal(creds
->username_obtained
, CRED_GUESS_ENV
);
139 assert_string_equal(creds
->password
, "SECRET");
140 assert_int_equal(creds
->password_obtained
, CRED_GUESS_ENV
);
144 static void torture_creds_anon_guess(void **state
)
146 TALLOC_CTX
*mem_ctx
= *state
;
147 struct cli_credentials
*creds
= NULL
;
150 creds
= cli_credentials_init_anon(mem_ctx
);
151 assert_non_null(creds
);
153 setenv("PASSWD", "SECRET", 1);
154 ok
= cli_credentials_guess(creds
, NULL
);
157 assert_string_equal(creds
->username
, "");
158 assert_int_equal(creds
->username_obtained
, CRED_SPECIFIED
);
160 assert_null(creds
->password
);
161 assert_int_equal(creds
->password_obtained
, CRED_SPECIFIED
);
165 static void torture_creds_parse_string(void **state
)
167 TALLOC_CTX
*mem_ctx
= *state
;
168 struct cli_credentials
*creds
= NULL
;
169 enum credentials_obtained princ_obtained
= CRED_UNINITIALISED
;
170 enum credentials_obtained usr_obtained
= CRED_UNINITIALISED
;
171 enum credentials_obtained pwd_obtained
= CRED_UNINITIALISED
;
173 creds
= cli_credentials_init(mem_ctx
);
174 assert_non_null(creds
);
177 cli_credentials_parse_string(creds
, "%", CRED_SPECIFIED
);
179 assert_string_equal(creds
->domain
, "");
180 assert_int_equal(creds
->domain_obtained
, CRED_SPECIFIED
);
182 assert_string_equal(creds
->username
, "");
183 assert_int_equal(creds
->username_obtained
, CRED_SPECIFIED
);
185 assert_null(creds
->password
);
186 assert_int_equal(creds
->password_obtained
, CRED_SPECIFIED
);
188 /* Username + password */
189 cli_credentials_parse_string(creds
, "wurst%BROT", CRED_SPECIFIED
);
191 assert_string_equal(creds
->domain
, "");
192 assert_int_equal(creds
->domain_obtained
, CRED_SPECIFIED
);
194 assert_string_equal(creds
->username
, "wurst");
195 assert_int_equal(creds
->username_obtained
, CRED_SPECIFIED
);
197 assert_string_equal(creds
->password
, "BROT");
198 assert_int_equal(creds
->password_obtained
, CRED_SPECIFIED
);
200 /* Domain + username + password */
201 cli_credentials_parse_string(creds
, "XXL\\wurst%BROT", CRED_SPECIFIED
);
203 assert_string_equal(creds
->domain
, "XXL");
204 assert_int_equal(creds
->domain_obtained
, CRED_SPECIFIED
);
206 assert_string_equal(creds
->username
, "wurst");
207 assert_int_equal(creds
->username_obtained
, CRED_SPECIFIED
);
209 assert_string_equal(creds
->password
, "BROT");
210 assert_int_equal(creds
->password_obtained
, CRED_SPECIFIED
);
213 cli_credentials_parse_string(creds
, "wurst@brot.realm", CRED_SPECIFIED
);
215 assert_string_equal(creds
->domain
, "");
216 assert_int_equal(creds
->domain_obtained
, CRED_SPECIFIED
);
218 assert_string_equal(creds
->username
, "wurst@brot.realm");
219 usr_obtained
= cli_credentials_get_username_obtained(creds
);
220 assert_int_equal(usr_obtained
, CRED_SPECIFIED
);
222 assert_string_equal(creds
->principal
, "wurst@brot.realm");
223 princ_obtained
= cli_credentials_get_principal_obtained(creds
);
224 assert_int_equal(princ_obtained
, CRED_SPECIFIED
);
226 assert_string_equal(creds
->password
, "BROT");
227 pwd_obtained
= cli_credentials_get_password_obtained(creds
);
228 assert_int_equal(pwd_obtained
, CRED_SPECIFIED
);
232 static void torture_creds_krb5_state(void **state
)
234 TALLOC_CTX
*mem_ctx
= *state
;
235 struct cli_credentials
*creds
= NULL
;
236 struct loadparm_context
*lp_ctx
= NULL
;
237 enum credentials_obtained kerberos_state_obtained
;
238 enum credentials_use_kerberos kerberos_state
;
241 lp_ctx
= loadparm_init_global(true);
242 assert_non_null(lp_ctx
);
244 creds
= cli_credentials_init(mem_ctx
);
245 assert_non_null(creds
);
246 kerberos_state_obtained
=
247 cli_credentials_get_kerberos_state_obtained(creds
);
248 kerberos_state
= cli_credentials_get_kerberos_state(creds
);
249 assert_int_equal(kerberos_state_obtained
, CRED_UNINITIALISED
);
250 assert_int_equal(kerberos_state
, CRED_USE_KERBEROS_DESIRED
);
252 ok
= cli_credentials_set_conf(creds
, lp_ctx
);
254 kerberos_state_obtained
=
255 cli_credentials_get_kerberos_state_obtained(creds
);
256 kerberos_state
= cli_credentials_get_kerberos_state(creds
);
257 assert_int_equal(kerberos_state_obtained
, CRED_SMB_CONF
);
258 assert_int_equal(kerberos_state
, CRED_USE_KERBEROS_DESIRED
);
260 ok
= cli_credentials_guess(creds
, lp_ctx
);
262 kerberos_state_obtained
=
263 cli_credentials_get_kerberos_state_obtained(creds
);
264 kerberos_state
= cli_credentials_get_kerberos_state(creds
);
265 assert_int_equal(kerberos_state_obtained
, CRED_SMB_CONF
);
266 assert_int_equal(kerberos_state
, CRED_USE_KERBEROS_DESIRED
);
267 assert_int_equal(creds
->ccache_obtained
, CRED_GUESS_FILE
);
268 assert_non_null(creds
->ccache
);
270 ok
= cli_credentials_set_kerberos_state(creds
,
271 CRED_USE_KERBEROS_REQUIRED
,
274 kerberos_state_obtained
=
275 cli_credentials_get_kerberos_state_obtained(creds
);
276 kerberos_state
= cli_credentials_get_kerberos_state(creds
);
277 assert_int_equal(kerberos_state_obtained
, CRED_SPECIFIED
);
278 assert_int_equal(kerberos_state
, CRED_USE_KERBEROS_REQUIRED
);
280 ok
= cli_credentials_set_kerberos_state(creds
,
281 CRED_USE_KERBEROS_DISABLED
,
284 kerberos_state_obtained
=
285 cli_credentials_get_kerberos_state_obtained(creds
);
286 kerberos_state
= cli_credentials_get_kerberos_state(creds
);
287 assert_int_equal(kerberos_state_obtained
, CRED_SPECIFIED
);
288 assert_int_equal(kerberos_state
, CRED_USE_KERBEROS_REQUIRED
);
292 static void torture_creds_gensec_feature(void **state
)
294 TALLOC_CTX
*mem_ctx
= *state
;
295 struct cli_credentials
*creds
= NULL
;
298 creds
= cli_credentials_init(mem_ctx
);
299 assert_non_null(creds
);
300 assert_int_equal(creds
->gensec_features_obtained
, CRED_UNINITIALISED
);
301 assert_int_equal(creds
->gensec_features
, 0);
303 ok
= cli_credentials_set_gensec_features(creds
,
307 assert_int_equal(creds
->gensec_features_obtained
, CRED_SPECIFIED
);
308 assert_int_equal(creds
->gensec_features
, GENSEC_FEATURE_SIGN
);
310 ok
= cli_credentials_set_gensec_features(creds
,
314 assert_int_equal(creds
->gensec_features_obtained
, CRED_SPECIFIED
);
315 assert_int_equal(creds
->gensec_features
, GENSEC_FEATURE_SIGN
);
318 static const char *torture_get_password(struct cli_credentials
*creds
)
320 return talloc_strdup(creds
, "SECRET");
323 static void torture_creds_password_callback(void **state
)
325 TALLOC_CTX
*mem_ctx
= *state
;
326 struct cli_credentials
*creds
= NULL
;
327 const char *password
= NULL
;
328 enum credentials_obtained pwd_obtained
= CRED_UNINITIALISED
;
331 creds
= cli_credentials_init(mem_ctx
);
332 assert_non_null(creds
);
334 ok
= cli_credentials_set_domain(creds
, "WURST", CRED_SPECIFIED
);
336 ok
= cli_credentials_set_username(creds
, "brot", CRED_SPECIFIED
);
339 ok
= cli_credentials_set_password_callback(creds
, torture_get_password
);
341 assert_int_equal(creds
->password_obtained
, CRED_CALLBACK
);
343 password
= cli_credentials_get_password_and_obtained(creds
,
345 assert_int_equal(pwd_obtained
, CRED_CALLBACK_RESULT
);
346 assert_string_equal(password
, "SECRET");
349 int main(int argc
, char *argv
[])
352 const struct CMUnitTest tests
[] = {
353 cmocka_unit_test(torture_creds_init
),
354 cmocka_unit_test(torture_creds_init_anonymous
),
355 cmocka_unit_test(torture_creds_guess
),
356 cmocka_unit_test(torture_creds_anon_guess
),
357 cmocka_unit_test(torture_creds_parse_string
),
358 cmocka_unit_test(torture_creds_krb5_state
),
359 cmocka_unit_test(torture_creds_gensec_feature
),
360 cmocka_unit_test(torture_creds_password_callback
)
364 cmocka_set_test_filter(argv
[1]);
366 cmocka_set_message_output(CM_OUTPUT_SUBUNIT
);
368 rc
= cmocka_run_group_tests(tests
,
369 setup_talloc_context
,
370 teardown_talloc_context
);